Fix building of GraphQL queries arguments hash #3887
Conversation
![datadog-datadog-prod-us1[bot]](https://avatars.githubusercontent.com/u/365230?s=60&v=4){kind=small}
github-actions
bot
added
appsec
BenchmarksBenchmark execution time: 2024-09-11 15:37:47 Comparing candidate commit 0259cdb in PR branch Found 0 performance improvements and 0 performance regressions! Performance is the same for 23 metrics, 2 unstable metrics. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #3887 +/- ##
=======================================
Coverage 97.84% 97.85%
=======================================
Files 1279 1280 +1
Lines 76530 76621 +91
Branches 3752 3753 +1
=======================================
+ Hits 74883 74976 +93
+ Misses 1647 1645 -2 ☔ View full report in Codecov by Sentry. |
y9v
force-pushed
the
appsec-fix-graphql-query-args
branch
from
55606b3 to
35f8ccd
Compare
y9v
force-pushed
the
appsec-fix-graphql-query-args
branch
from
31da3fb to
d620229
Compare
|
We've talked about being slightly more defensive:
|
|
@TonyCTHsu as discussed, I removed direct usage of And here I added rescuing of unexpected errors during AppSec instrumentation. |
y9v
force-pushed
the
appsec-fix-graphql-query-args
branch
from
b2fb79e to
c0b27d0
Compare
| end | ||
|
|
||
| def self.auto_instrument? | ||
| true | ||
| end | ||
|
|
||
| def self.ast_node_classes_defined? |
There was a problem hiding this comment.
Adding a couple of test cases
- Test positive with our graphql appraisal groups.
- Test negative with
hide_const
y9v
force-pushed
the
appsec-fix-graphql-query-args
branch
from
f818b5e to
9c460bc
Compare
| RSpec.describe Datadog::AppSec::Contrib::GraphQL::Integration do | ||
| describe '.ast_node_classes_defined?' do | ||
| it 'returns true when all AST node classes are defined' do | ||
| expect(described_class.ast_node_classes_defined?).to eq(true) |
There was a problem hiding this comment.
Just mine 50c since I can't add more to the actual code 😄
| expect(described_class.ast_node_classes_defined?).to eq(true) | |
| expect(described_class.ast_node_classes_defined?).to be(true) |
Explanation: https://stackoverflow.com/questions/26779937/what-is-the-difference-between-be-true-and-be-true-in-rspec
There was a problem hiding this comment.
hm, I still don't see in the link above what is the difference in this case between be and eq: I always use eq for booleans as it reads similar to == true or == false
There was a problem hiding this comment.
it is the same actually, I just thought that be(true) would be a bit more readable
There was a problem hiding this comment.
I personally type expect(xxx).to be true because it saves me two shift presses with pinky but as far as reading the code I don't see any difference between be true and eq(true). Semantically I believe the two are identical.
|
|
||
| it 'returns false when at least one of AST node classes is not defined' do | ||
| hide_const('GraphQL::Language::Nodes::Field') | ||
| expect(described_class.ast_node_classes_defined?).to eq(false) |
There was a problem hiding this comment.
| expect(described_class.ast_node_classes_defined?).to eq(false) | |
| expect(described_class.ast_node_classes_defined?).to be(false) |
| let(:queries) { [query] } | ||
|
|
||
| it 'returns queries' do | ||
| expect(dd_multiplex.queries).to eq(queries) |
There was a problem hiding this comment.
Just a suggestion over the simplicity, I think the queries var doesn't bring much value (hiding setup complexity) nor explaining the value. Because of that I think it's easier just to use the real expectation value
| let(:queries) { [query] } | |
| it 'returns queries' do | |
| expect(dd_multiplex.queries).to eq(queries) | |
| it 'returns queries' do | |
| expect(dd_multiplex.queries).to eq([query]) |
This way we avoid issues with older ruby versions, for example ruby 2.6 only allows using ** with hashes that have symbol keys.
We don't want to crash customer's application when graphql-ruby changes internals.
y9v
force-pushed
the
appsec-fix-graphql-query-args
branch
from
3562af9 to
242eb7c
Compare
y9v
force-pushed
the
appsec-fix-graphql-query-args
branch
from
242eb7c to
c7fcae4
Compare
|
Approved, although. I can't say much about the more intricate technical details here. |
|
The GraphQL logic itself is above my pay grade I'm afraid. |
|
Merging this, the failing system test will be fixed by DataDog/system-tests#2988 |
Fixes #3874
What does this PR do?
This PR changes the way we extract arguments from GraphQL queries.
It fixes following things:
Motivation:
This issue
Additional Notes:
This PR also changes the keys for arguments, they were query names before, but according to our RFC it should be resolver names.
How to test the change?
Unit tests are included. I also set up a local test GraphQL application for testing which I can share.